Press "Enter" to skip to content

Securely connect to Home Assistant from the outside world using NGINX

FacebooktwitterredditmailFacebooktwitterredditmail

So you have Home Assistant running al good in your local network, but no way of accessing it remote. You of course have a few different options, but the combination of hurdles you have to overcome is rather large: Dynamic IP, ISP router/modem that doesn’t do exactly what you want and a general sense of security to not directly expose your devices to the outside network.

In comes NGINX to the rescue! Of course you will need some extra hardware to make this work. A cheap VPS/Dedicated server and a domain name pointed to it should be sufficient!

OpenVPN

Setup an OpenVPN network on your VPN. In the future I may write up how to do this, but it should be very self explanatory. Make sure you are able to ping your Home Assistant (VPN)IP from the NGINX server and vice versa.

Note that OpenVPN is not needed if you have an externally accessible server in the same network as your Home Assistant device.

NGINX

So now the real deal! NGINX will allow you to form a reverse proxy towards any other website. As Home Assistant is working with websockets, you would need a fairly up-to-date version of NGINX. We will also securing the communication with SSL/Certbot

Create a config file for your Home Assistant website in the /etc/nginx/sites-enabled directory.

After nginx has restarted, typing in the URL of your nginx server should allow you to login to Home Assistant.

Now comes the “security” stuff!

Follow the instructions and make sure to force the redirection to HTTPS! Checking your config file again, it should have added some lines to enable SSL. Going to your nginx webserver will also force HTTPS now (after a restart of nginx).

Your Home Assistant is now securely accessible via your nginx server!

Even more security!

Personally, I don’t allow the “wildcard” access to my Home Assistant. If access is needed I just put my phone on the VPN and access it that way. Much more secure!

However, some services like google assistant, Owntracks, … do need direct access to your Home Assistant. For that reason my nginx server block looks like the below!

Happy remote Home Assistant access!

FacebooktwitterredditmailFacebooktwitterredditmail

Be First to Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.